> > I would be surprised if we wouldn't regularly get 0-days because people with just a GH account don't bother to do it properly, and just report issues on GH. If that is enabled in repos without someone regularly reviewing incoming issues, or by a maintainer who's unaware of how we handle security issues in the project, reports may linger in public for months or even years.

How about just using a "security" label that shall be added by the maintainer and pulling all labelled issues automatically via a bot?